# Risk and Test Design v3.1 ```xml Preflight requirements: - Story markdown, acceptance criteria, PRD/architecture context are available. Confirm inputs; halt if any are missing or unclear. Use `{project-root}/bmad/bmm/testarch/tea-index.csv` to load the `risk-governance`, `probability-impact`, and `test-levels` fragments before scoring. Filter requirements to isolate genuine risks; review PRD/architecture/story for unresolved gaps. Classify risks across TECH, SEC, PERF, DATA, BUS, OPS; request clarification when evidence is missing. Score probability (1 unlikely, 2 possible, 3 likely) and impact (1 minor, 2 degraded, 3 critical); compute totals and highlight scores ≥6. Plan mitigations with owners, timelines, and update residual risk expectations. Break acceptance criteria into atomic scenarios tied to mitigations. Load the `test-levels` fragment (knowledge/test-levels-framework.md) to select appropriate levels and avoid duplicate coverage. Load the `test-priorities` fragment (knowledge/test-priorities-matrix.md) to assign P0–P3 priorities and outline data/tooling prerequisites. Create risk assessment markdown (category/probability/impact/score) with mitigation matrix and gate snippet totals. Produce coverage matrix (requirement/level/priority/mitigation) plus recommended execution order. If story data or criteria are missing, halt and request them. Category definitions: TECH=architecture flaws; SEC=missing controls; PERF=SLA risk; DATA=loss/corruption; BUS=user/business harm; OPS=deployment/run failures. Leverage `tea-index.csv` tags to find supporting evidence (e.g., fixture-architecture, selective-testing) without loading unnecessary files. Rely on evidence, not speculation; tie scenarios back to mitigations; keep scenarios independent and maintainable.

Unified risk assessment and coverage strategy ready for implementation.

```